[FFmpeg-devel] [PATCH] vp3: Fix out of bounds write.
dalecurtis at chromium.org
dalecurtis at chromium.org
Thu Apr 12 03:09:51 CEST 2012
From: Dale Curtis <dalecurtis at chromium.org>
On corrupt or malicious files, filter_limit can be >= 128 leading
to an out of bounds write.
Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
---
libavcodec/vp3.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index e94264e..be64978 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -399,7 +399,7 @@ static void init_loop_filter(Vp3DecodeContext *s)
/* set up the bounding values */
memset(s->bounding_values_array, 0, 256 * sizeof(int));
- for (x = 0; x < filter_limit; x++) {
+ for (x = 0; x < filter_limit && x < 128; x++) {
bounding_values[-x] = -x;
bounding_values[x] = x;
}
--
1.7.7.3
More information about the ffmpeg-devel
mailing list